A third of companies have no in-house security capabilities: Gartner

Fully a third of organisations have no cybersecurity expertise in-house, according to a new survey that highlights the ongoing difficulties caused by Australia’s cybersecurity skills crisis.

Although 95 percent of CIOs expect the level of cybersecurity threats to increase over the next three years, just 65 percent of those organisations currently have a cybersecurity expert, Gartner’s 2018 CIO Agenda Survey – conducted amongst 3160 CISOs in 98 countries – revealed.

Businesses are increasingly investing in cybersecurity detection and response capabilities, with 60 percent of security budgets expected to be allocated to this area by 2020 and 36 percent of respondents actively experimenting with the technology or planning to implement it in the short term.

Yet budgets are only one part of the solution, Gartner research director Rob McMillan said in a statement. “Taking a risk-based approach is imperative to set a target level of cybersecurity readiness,” he explained.

“Raising budgets alone doesn’t create an improved risk posture. Security investments must be prioritised by business outcomes to ensure the right amount is spent on the right things.”

Yet while spending on cybersecurity expertise would seem to be a no-brainer, the large number of companies without formal in-house expertise suggests another ongoing, underlying challenge in finding and securing those skills within the current competitive market.

The recently released Australian Computer Society (ACS)-Deloitte Digital Pulse Report 2018 paints a bleak portrait of the supply of suitable cybersecurity skills, with demand for ICT workers expected to surge from 663,100 last year to 758,700 workers by 2023.

Cyber security “is an area where Australia can take a leading role,” the analysis concluded. “Investing in our cyber capabilities will raise our overall security and create new opportunities for innovation, job creation and economic growth.”

Improving the cybersecurity skills situation will require a co-ordinated national effort rather than the piecemeal state-based approach practised to date, the report proposes, while recommending “creative approaches” to building high-demand ICT skills such as cybersecurity, data science, and mobile development.

Such approaches were necessary to continue Australia’s strong position in cybersecurity despite the country coming third in the ITU’s cyber capabilities ranking, and OECD figures suggesting Australia has the world’s sixth-highest proportion of ICT graduates as a share of total graduates (3.77 percent).

Seeking to bolster these figures, the government this month launched its Global Talent Scheme pilot program, which offers streamlined visas to improve access to in-demand cybersecurity and other skills.

“The demand for digital skills in our economy is exploding,” said ACS president Yohan Ramasundara in a statement.

“The growth of artificial intelligence, automation and the internet of things is driving significant disruption across all industries, and highly trained ICT professionals are in more demand than ever before. If we want to be competitive in the world economy, we need to invigorate the education and training sectors to increase Australia’s ICT talent pool.”

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.